This listing of claims will replace all prior versions, and listings, of claims in the application.
Listing of Claims: 

1. (Currently amended) A computer-implemented method of processing runtime functions,
comprising: 

compiling code to produce executable code that is marked with an identifier indicating 
that the executable code comprises an object file containing a list of valid target addresses for use 
in implementing supports runtime protection; 

storing in a table, the list of valid target addresses as a reference list of valid target
addresses;

receiving a call to a runtime function of the executable code; 
determining associated data from the call to the runtime function;
determining a target address from the associated data; 

comparing the target address with a the reference list of valid target addresses stored in
the table;

if the target address is found on the reference list of valid target addresses then executing 
the runtime function; and 

if the target address is not found on the reference list of valid target addresses then 
terminating execution of the executable code runtime function.

2. (Original) The method of claim 1, wherein the step of determining the associated data 
comprises accessing data in a data structure connected with the runtime function and calculating
the associated data based on the accessed data. 

3-5 (Canceled). 

6. (Previously presented) The method of claim 1 comprising the step of generating the 
reference list of valid target addresses during execution of a previous runtime function.






DOCKET NO.: MSFT-2568/307781.01 

Application No.: 10/750,297 

Office Action Dated: October 14, 2008 






7-9. (Canceled) 

10. (Currently amended) A computer-readable storage medium having stored thereon 
computer-executable instructions for performing a method of processing runtime functions, the 
method comprising: 

receiving a call to a runtime function; 

determining associated data from the call to the runtime function; 

determining a target address from the associated data deriving a security cookie by
XORing a secret value with each of the values retrieved from a jmp_buf buffer, the retrieved
values precluding a first security cookie that has been stored previously in the jmp_buf buffer;

comparing the target address with a reference list of valid target addresses derived
security cookie against the first security cookie; and

if the target address is found on the reference list of valid target addresses derived
security cookie matches the first security cookie then executing the runtime function; and 

if the target address is not found on the reference list of valid target addresses derived
security cookie does not match the first security cookie then terminating execution of the runtime 
function. 

11. (Currently amended) The computer-readable storage medium of claim 10, wherein the
step of determining the associated data comprises accessing data in a data structure connected 
with the runtime function and calculating the associated data based on the accessed data. 

12-14. (Canceled) 

15. (Currently amended) The computer-readable storage medium of claim 10 comprising the
step of generating the list of target addresses wherein the first security cookie is derived during
execution of a previous runtime function.
16-18. (Canceled)

19. (Currently amended) A system for processing runtime functions, comprising: 

a compiler that compiles code to produce an executable that is marked with an identifier 
indicating that the executable comprises an object file containing a list of valid target addresses 
for use in implementing supports runtime protection; 

a processor that receives a call to a runtime function; and

a dispatcher system that determines associated data from the call to the runtime function,
determines a target address from the associated data, and if the target address is found on the
reference list of valid target addresses then executes the target runtime function.

20. (Original) The system of claim 19, wherein the dispatcher system comprises a module to 
access data in a data structure connected with the runtime function and calculate the associated
data based on the accessed data. 

21-22. (Canceled) 

23. (Currently amended) The system of claim 19, further comprising a compiler that
generates the reference list of valid target addresses.

24-27. (Canceled) 

28. (Currently amended) The method of claim 1 comprising wherein the step of storing in the 
table comprises storing the target address in a caller provided location during execution of a 
previous runtime function.

29-36. (Canceled) 
37. (Currently amended) The method of claim 1, further comprising:

determining if at least a portion of the associated data is valid; and 

preventing execution of the target runtime function if the associated data is not valid. 

38. (Previously presented) The method of claim 3- 37, wherein the step of determining if the 
associated data is valid comprises retrieving a security cookie from the associated data and 
comparing the retrieved security cookie to a list of valid security cookies. 

39. (Currently amended) The method of claim 3- 37, further comprising determining and 
storing a predetermined calculated value based on at least a portion of the associated data, prior 
to receiving the call to the runtime function. 

40. (Currently amended) The method of claim S 39, wherein determining if the associated 
data is valid comprises comparing the predetermined calculated value to another calculated value 
based on the associated data. 

41. (Currently amended) The computer readable medium of claim 10, having further computer-
executable instructions for determining if at least a portion of the associated data is valid, and
preventing execution of the target runtime function if the associated data is not valid.

42. (Canceled) 

43. (Currently amended) The computer-readable medium of claim 45 41, having further
computer-executable instructions for determining and storing a predetermined calculated value 
based on at least a portion of the associated data, prior to receiving the call to the runtime 
function. 

44. (Currently amended) The computer-readable medium of claim 4-7 43, wherein determining 
if the associated data is valid comprises comparing the predetermined calculated value to another
calculated value based on the associated data. 

45. (Currently amended) The system of claim 19, wherein the dispatcher system comprises 
modules to determine if at least a portion of the associated data is valid and prevent execution of 
the target runtime function if the associated data is not valid.

46. (Currently amended) The system of claim 2i- 45, further comprising a storage device that
stores a the list of valid targets target addresses, wherein the dispatcher system determines if the
associated data is valid by comparing the target address to the list of valid target addresses.

47. (Currently amended) The system of claim 2J- 45, wherein the dispatcher system determines 
if the associated data is valid by retrieving a security cookie from the associated data and
comparing the retrieved security cookie to a list of valid security cookies. 

48. (Currently amended) The system of claim 3+ 45, wherein the processor determines and 
stores a predetermined calculated value based on at least a portion of the associated data, prior to 
receiving the call to the runtime function.

49. (Currently amended) The system of claim 2& 48, wherein the dispatcher system determines 
if the associated data is valid by comparing the predetermined calculated value to another 
calculated value based on the associated data. 

50. (New) The method of claim 1, wherein the identifier is an identifier bit that is operable to be 
set for indicating that the executable code comprises the object file containing the list of valid 
target addresses for use in implementing runtime protection. 

51. (New) The method of claim 1, wherein the table is a .setjmp table and the call to the runtime